2024-05-26 14:27:05 +02:00
### [CVE-2019-20209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20209)
### Description
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
### POC
#### Reference
- https://cxsecurity.com/issue/WLB-2019120110
2024-06-09 00:33:16 +00:00
- https://cxsecurity.com/issue/WLB-2019120110
2024-05-26 14:27:05 +02:00
- https://cxsecurity.com/issue/WLB-2019120111
2024-06-09 00:33:16 +00:00
- https://cxsecurity.com/issue/WLB-2019120111
2024-05-26 14:27:05 +02:00
- https://cxsecurity.com/issue/WLB-2019120112
2024-06-09 00:33:16 +00:00
- https://cxsecurity.com/issue/WLB-2019120112
- https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
2024-05-26 14:27:05 +02:00
- https://wpvulndb.com/vulnerabilities/10013
2024-06-09 00:33:16 +00:00
- https://wpvulndb.com/vulnerabilities/10013
2024-05-26 14:27:05 +02:00
- https://wpvulndb.com/vulnerabilities/10014
2024-06-09 00:33:16 +00:00
- https://wpvulndb.com/vulnerabilities/10014
2024-05-26 14:27:05 +02:00
- https://wpvulndb.com/vulnerabilities/10018
2024-06-09 00:33:16 +00:00
- https://wpvulndb.com/vulnerabilities/10018
2024-05-26 14:27:05 +02:00
#### Github
No PoCs found on GitHub currently.
